‘Joke of .gov site’: Elon Musk-led DOGE’s site is insecure, made from public database that anyone can edit

The outlet reported that the website is based on a database that can be edited by anyone. It said that two separate people found the vulnerability.

Also read: Error 404: Over 350 LGBTQ pages deleted from US government websites, says report

One of the two people, who reported the vulnerability, themselves added at least two database entries that are visible on the live site. The entries say, “This is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro”.

After the website’s launch, Musk had told reporters that his DOGE is “trying to be as transparent as possible. In fact, our actions-we post our actions to the DOGE handle on X, and to the DOGE website.” The website was initially launched with a blank page but was later updated to show the department’s posts on X along with statistics about the US government’s federal workforce.

Also read: Narendra Modi’s US visit: What world media said about PM-President Donald Trump meeting, trade deal

DOGE’s website is seemingly build on a Cloudfare Pages site that is not currently hosted on government servers. “The database it is pulling from can be and has been written to by third parties, and will show up on the live website,” 404 Media said.

“Feels like it was completely slapped together,” one of the coders who spotted the vulnerabiltiies said. “Tons of errors and details leaked in the page source code,” they added. “Rather than having a physical server or even something like Amazon Web Services, they’re deploying using Cloudflare Pages which supports custom domains,” the second coder who noticed the insecurity said.

404 Media had earlier reported that waste.gov, another website created to track government waste, was sitting live with a placeholder Wordpress default template page and sample text. Following the outlet’s reporting, the website was put behind a password wall.